Never has there been a greater point in our history that more business data is electronically stored on hard disk drives, CD’s, DVD’s, Tapes, External Drives and backed up to other servers. As more and more companies are placing sensitive data on electronic mediums that data becomes vulnerable to the same problems that paper documents faced: fire, flood, damage, altering, and theft. (more…)
Archive for the ‘DSL’ Category
The cost of data: Lost Vs. Compromised
Monday, August 10th, 2009How to find the Top 100 Virus Senders
Wednesday, July 22nd, 2009http://www.senderbase.org/home/detail_virus_source
Visiting this link sends you to a page that will list the top 100 virus senders.
Hackers Place Malicous Code on on Power Grid
Friday, May 29th, 2009So, you think you are safe from attackers because you have Windows Firewall turned on and you think that Linksys router is protecting you? Think again! Not only has our Department of Defense been hacked but our power grid too!
Malicious hackers placed code in the computer systems of our nations power grid infrastructure that could have caused wide spread damage and possibly rolling blackouts throughout the entire country. Just imagine, companies like Progress Enery and Florida Power and Light who have dedicated IT support are being hacked! These companies spend millions of dollars on new equipment and training to keep their systems optimal.
Not having your network actively monitored and assuming that running some freeware AVG with a Linksys router is really just playing the “security through obscurity” game that you will ALWAYS lose. By having Portbridge monitor your network and install our deep packet filtering firewall we can monitor all aspects of your network and keep you safe from being hacked.
Here is the Article from CNN:
WASHINGTON (CNN) — Computer hackers have embedded software in the United States’ electricity grid and other infrastructure that could potentially disrupt service or damage equipment, two former federal officials told CNN.
The ex-officials say code also has been found in computer systems of oil and gas distributors.
The ex-officials say code also has been found in computer systems of oil and gas distributors.
The code in the power grid was discovered in 2006 or 2007, according to one of the officials, who called it “the 21st century version of Cold War spying.”
Department of Homeland Security Director Janet Napolitano would not confirm such a breach, but said Wednesday that there has been no known damage caused by one.
“There have been, to my knowledge, no disruptions of power on any grid caused by a deliberate cyberattack on our infrastructure — on the grid,” Napolitano said. “Nonetheless, we remain in constant protection, prevention, education, resiliency mode and we work with the utility sector particularly on that.” Video Watch security officials explain threat »
The U.S. power grid isn’t the only system at risk. The former officials said malicious code has been found in the computer systems of oil and gas distributors, telecommunications companies and financial services industries.
Napolitano said the vulnerability of the nation’s power grid to cyberattacks “has been something that the Department of Homeland Security and the energy sector have known about for years,” and that the department has programs in place to fight such attacks.
Security experts say such computer hacking could be the work of a foreign government — possibly Russia or China — seeking to compromise U.S. security in the event of a future military conflict.
Don’t Miss
* ‘Smart grid’ may be vulnerable to hackers
Former CIA operative Robert Baer said he is not aware of a specific breach like the one the former officials describe. But he said people in the intelligence community assume that such attacks from countries like China go on all the time.
“Their foreign intelligence service has been probing our computers, our defense computers, our defense contractors, our power grids, our telephone system. … I just came from a speech at the national defense university and they were hit by the Chinese trying to get into their systems,” Baer said.
“They are testing and have gotten in portals. It’s a serious threat.”
Baer said if the software was embedded by a foreign government, he doubts it would be used to launch a surprise attack. Instead, he said, that government likely would keep the bugs in place in case of a future conflict with the United States.
“It’s deterrence in the event of war,” he said. “They will have another weapon at their disposal, which will be to turn off our power.”
When the coding is found, it can be destroyed. But experts said that’s easier said than done.
“If you have somebody who knows what they’re doing writing that code and embedding it in a clever way, you can look right at it and not recognize it,” said Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit, an independent research institute.
And even when it’s found, Borg said, confirming the source of a cyberattack can be next to impossible.
“Anonymity is a fact of life in the cyberworld,” he said. “It’s very easy to run an attack through somebody else’s computer. It’s very easy to embed code in Russian or Chinese when you’re not Russian or Chinese.
“So it’s very difficult to be confident on where anything like this comes from.”
Critics of the utilities industry have accused it of not doing enough in the past to defend against cyberassaults. But Ed Legge, spokesman for the Edison Electric Institute, which represents shareholder-owned electric companies, said the industry takes the threat seriously and has made progress in closing some of the loopholes that would allow such attacks.
President Obama has started a 60-day review of all the nation’s efforts at cybersecurity that is expected to be completed by April 17, Napolitano said.
While utility grids are owned by industries, not the government, Napolitano said her department will continue working with power companies and other industries to help prevent an attack that could cripple power or other vital services.
advertisement
“Can we continue to work to enhance efforts within critical infrastructure like the utility grid? Yes,” she said. “Are we continuously looking for ways to enhance and educate for the prevention and protection of the cyberworld? Absolutely.
“Is this a priority of the president’s and of all of us that are involved with safety and security? You bet.”
—Are you making every effort to protect your network and data?
U.S Army Servers Hacked
Friday, May 29th, 2009Exclusive: Defense Department investigators subpoena records from Google, Microsoft, and Yahoo in connection with ongoing probe.
A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively.
Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed.
The hackers, who collectively go by the name “m0sted” and are based in Turkey, penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Va.
The breach at the McAlester munitions plant occurred on Jan. 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant’s site were redirected to a Web page that featured a protest against climate change.
On Sept. 19, 2007, the same hackers electronically broke into Army Corps of Engineers’ servers. That hack sent Web users to www.m0sted.net. The page, at the time, contained anti-American and anti-Israeli rhetoric and images, records show. It currently appears to be an Internet landing spot that features airline reservation links.
Beyond the redirects, it’s not clear whether the group was able to obtain sensitive information from the Army’s servers.
The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army’s Judge Advocate General’s Office and Computer Emergency Response Team. Investigators have executed records search warrants against Microsoft (NSDQ: MSFT), Yahoo (NSDQ: YHOO), Google (NSDQ: GOOG), and other Internet service and e-mail providers as part of their efforts to unmask the hackers’ true identities.
Investigators believe the hackers used a technique called SQL injection to exploit a security vulnerability in Microsoft’s SQL Server database to gain entry to the Web servers. “m0sted” is known to have carried out similar attacks on a number of other Web sites in the past — including against a site maintained by Internet security company Kaspersky Lab.
The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.
Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. It was not clear if “m0sted” has links to the terrorist group.
Defense Department officials did not immediately return calls seeking comment on the case.
— The government can subpeona ANYONE whom they feel is involved with some form legal activity. Cyber terrorists such as the group in question will actually use computers of those they have currently hacked to mount attacks against such agencies as the US government. This means that YOU could potentially be infected with software you don’t know is running that could land you in front of a judge explaining why you didn’t properly secure YOUR network.
Spam Hits all time high! 90.4%
Friday, May 29th, 2009May 28th, 2009, 10:09 am (http://www.lxer.com)
The latest Symantec MessageLabs Intelligence Report has landed on my desk and makes for the usual rather depressing reading. I guess that most depressing of all, if not surprising when you take a look at your inbox or worse still your junk folder, are the figures relating to spam activity during May 2009.
It would appear that spam has managed to hit a new low by reaching a new high, and what a high: up 5.4 percent on the previous month to peak at representing some 90.4 percent of all email by volume. That really does suck elephants through a straw backwards, only 1 in every 10 emails not being some unwanted junk mailing. Sigh.
What is odd, however, is the fact that the report reveals the majority of the May increase comprised of messages with hardly any content at all beyond a subject line and a valid URL in the body. Saves having to have it translated into English I suppose. Perhaps not so odd the fact that every URL pointed towards a different, yet active, social networking profile which would appear to have been created using automated CAPTCHA-cracking tools. (What this means is that people will send spam that is nothing more than a web link to another page)
“As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming.”
MessageLabs has also looked into when spam is received, and this would appear to vary depending where in the world you happen to be. US residents see their spam peaking between 9 and 10 in the morning, for example, whereas Europeans are much more likely to get an unrelenting stream of spam throughout the working day. Residents of Asia-Pacific countries start with lots of spam, but it fades off as the day progresses.
“These patterns suggest that spammers are more active during the US working day,” Wood said. “This could be because most active spammers are based in the US, according to data from Spamhaus, or because this is when the spammers’ largest target audience is online and likely to respond.”
The US Government and Computer Security
Friday, May 29th, 2009Obama Plans To Name Czar For Cybersecurity
America has for too long failed to adequately protect the security of its computer networks, President Obama said Friday, announcing he will name a new cyber czar to take on the job.
Surrounded by a host of government officials, aides and corporate executives, Obama said this is a “transformational moment” for the country, where computer networks are probed and attacked millions of times a day.
“We’re not as prepared as we should be, as a government or as a country,” he said, calling cyber threats one of the most serious economic and military dangers the nation faces.
He said he will soon pick the person he wants to head up a new White House office of cyber security, and that person will report to the National Security Council as well as to the National Economic Council, in a nod to the importance of computers to the economy.
While the newly interconnected world offers great promise, Obama said it also presents significant peril as well. The president declared: “Cyberspace is real, and so is the risk that comes with it.”
Laying out a broad five-point plan, the president said the U.S. needs to provide the education required to keep pace with technology and attract and retain a cyber-savvy work force. He called for a new education campaign to raise public awareness of the challenges and threats related to cyber security.
He assured the business community, however, that the government will not dictate how private industry should tighten digital defenses.
Government officials have grown increasingly alarmed as U.S. computer networks are constantly assailed by attacks and scams, ranging from nuisance hacking to more nefarious probes and attacks, including suspicions of cyber espionage by other nations, such as China.
Obama noted that his own computer system for the presidential campaign at one point last year was compromised by hackers, but said the security of the names and financial information on contributors was intact.
— If you think YOUR computer is safe from hackers you are stating that your security is better than our government. Can you honestly say that about your data and network?
All DSL is NOT created equal
Wednesday, January 7th, 2009I often get the question, “Eric, why should I get Internet Access from you when I can get the same thing from AT&T or Embarq?” An excellent question, with an equally excellent answer. It is true that as an independent ISP we purchase wholesale access from AT&T and Embarq to provide DSL access and that the equipment that our DSL rides on is the EXACT same equipment that you would use if you got Internet Access from one of the incumbents. To make things worse we charge more for DSL than you can get it directly from the incumbents, but this is where the similarities end.